Diffstat (limited to 'sepolicy/debuggerd.te')
-rw-r--r--sepolicy/debuggerd.te151
1 files changed, 151 insertions, 0 deletions
diff --git a/sepolicy/debuggerd.te b/sepolicy/debuggerd.te
new file mode 100644
index 0000000..eba01d1
--- /dev/null
+++ b/sepolicy/debuggerd.te
@@ -0,0 +1,151 @@
+# ==============================================
+# MTK Policy Rule
+# ============
+
+# Date : WK14.32
+# Operation : AEE UT
+# Purpose : for AEE module
+domain_auto_trans(debuggerd, dmlog_exec, dmlog)
+
+allow debuggerd aed_device:chr_file { read write ioctl open };
+allow debuggerd expdb_device:chr_file { read write ioctl open };
+allow debuggerd platformblk_device:blk_file { read write ioctl open };
+allow debuggerd ccci_device:chr_file { read ioctl open };
+allow debuggerd etb_device:chr_file { read write ioctl open };
+allow debuggerd graphics_device:dir search;
+allow debuggerd graphics_device:chr_file r_file_perms;
+allow debuggerd Vcodec_device:chr_file r_file_perms;
+allow debuggerd camera_isp_device:chr_file r_file_perms;
+
+# AED start: /dev/block/expdb
+allow debuggerd block_device:dir search;
+allow debuggerd platformblk_device:dir search;
+
+# NE flow: /dev/RT_Monitor
+allow debuggerd RT_Monitor_device:chr_file { read ioctl open };
+
+# /dev/_GPU_ dev/pvrsrvkm
+allow debuggerd gpu_device:chr_file rw_file_perms;
+
+# /dev/exm0
+allow debuggerd exm0_device:chr_file r_file_perms;
+
+allow debuggerd shell_exec:file { execute execute_no_trans };
+allow debuggerd dex2oat_exec:file { execute execute_no_trans };
+
+# aee db dir and db files
+allow debuggerd sdcard_internal:dir create_dir_perms;
+allow debuggerd sdcard_internal:file create_file_perms;
+
+#data/anr
+allow debuggerd anr_data_file:dir create_dir_perms;
+allow debuggerd anr_data_file:file create_file_perms;
+
+#data/aee_exp
+allow debuggerd aee_exp_data_file:dir { relabelto create_dir_perms };
+allow debuggerd aee_exp_data_file:file create_file_perms;
+
+#data/dumpsys
+allow debuggerd aee_dumpsys_data_file:dir { relabelto create_dir_perms };
+allow debuggerd aee_dumpsys_data_file:file create_file_perms;
+
+#/data/core
+allow debuggerd aee_core_data_file:dir create_dir_perms;
+allow debuggerd aee_core_data_file:file create_file_perms;
+
+# /data/data_tmpfs_log
+allow debuggerd data_tmpfs_log_file:dir create_dir_perms;
+allow debuggerd data_tmpfs_log_file:file create_file_perms;
+
+allow debuggerd shell_data_file:dir search;
+allow debuggerd shell_data_file:file r_file_perms;
+
+#/data/anr/SF_RTT
+allow debuggerd sf_rtt_file:dir search;
+allow debuggerd sf_rtt_file:file r_file_perms;
+
+allow debuggerd sysfs:file write;
+allow debuggerd proc:file write;
+allow debuggerd sysfs_lowmemorykiller:file { read open };
+allow debuggerd debugfs:file read;
+#allow debuggerd proc_security:file { write open };
+
+allow debuggerd self:capability { fsetid sys_nice sys_resource net_admin sys_module };
+
+allow debuggerd domain:process { sigkill getattr getsched};
+allow debuggerd domain:lnk_file getattr;
+
+#core-pattern
+allow debuggerd usermodehelper:file { read open };
+
+#suid_dumpable
+allow debuggerd proc_security:file { read open };
+
+#kptr_restrict
+#allow debuggerd proc_security:file { write open };
+
+#dmesg
+allow debuggerd kernel:system syslog_read;
+
+#property
+allow debuggerd init:unix_stream_socket connectto;
+allow debuggerd property_socket:sock_file write;
+
+# dumpstate ION_MM_HEAP
+allow debuggerd debugfs:lnk_file read;
+
+allow debuggerd tmpfs:lnk_file read;
+
+
+# aed set property
+allow debuggerd persist_mtk_aee_prop:property_service set;
+allow debuggerd persist_aee_prop:property_service set;
+allow debuggerd debug_mtk_aee_prop:property_service set;
+
+# aee_dumpstate set property
+allow debuggerd debug_bq_dump_prop:property_service set;
+
+#com.android.settings NE
+allow debuggerd system_app_data_file:dir search;
+
+# sogou NE
+allow debuggerd app_data_file:dir search;
+
+# open and read /data/data/com.android.settings/databases/search_index.db-journal
+allow debuggerd system_app_data_file:file r_file_perms;
+allow debuggerd app_data_file:file r_file_perms;
+
+# /system/bin/am
+allow debuggerd system_file:file execute_no_trans;
+allow debuggerd zygote_exec:file { execute execute_no_trans };
+
+#/proc/driver/storage_logger
+allow debuggerd proc_slogger:file { write read open };
+
+# MOTA upgrade from JB->L: aee_dumpstate(ps top df dmesg)
+# allow debuggerd unlabeled:lnk_file read;
+
+binder_use(debuggerd)
+allow debuggerd system_server:binder call;
+allow debuggerd surfaceflinger:binder call;
+allow debuggerd surfaceflinger:fd use;
+allow debuggerd platform_app:fd use;
+allow debuggerd platform_app_tmpfs:file write;
+
+# aed and MTKLogger.apk socket connect
+allow debuggerd platform_app:unix_stream_socket connectto;
+
+allow debuggerd self:udp_socket { create ioctl };
+
+allow debuggerd init:process getsched;
+allow debuggerd kernel:process getsched;
+
+# for SF_dump
+allow debuggerd sf_bqdump_data_file:dir { read write open remove_name search};
+allow debuggerd sf_bqdump_data_file:file { read getattr unlink open };
+
+
+allow debuggerd custom_file:dir search;
+
+# avc: denied { read } for pid=4503 comm="screencap" name="secmem0" dev="proc"
+allow debuggerd proc_secmem:file r_file_perms;
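Review bot: The `self:capability` rule grants debuggerd `sys_module` and `net_admin`, and no comment in the file says which AEE operation needs kernel-module loading or network administration. Because the `shell_exec`, `system_file` and `zygote_exec` rules use `execute_no_trans`, any shell or system binary launched from this domain keeps running as debuggerd and inherits those capabilities. Unless a recorded denial justifies each one, I would narrow the rule to `allow debuggerd self:capability { fsetid sys_nice sys_resource };` and move whatever genuinely needs the rest into its own domain. The same concern applies to `allow debuggerd sysfs:file write;` and `allow debuggerd proc:file write;`, which cover every node still carrying the generic label; a dedicated type per node, as already done for `proc_slogger` and `proc_secmem`, would keep the write access scoped. `platformblk_device:blk_file { read write ioctl open }` and `app_data_file:file r_file_perms` should each carry a comment stating why raw block-device writes and reads of all apps' private files are required, since the existing comments name only individual cases (expdb, one settings journal).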